During my talk at the Alabama Code Camp, I demonstrated how you can host a SOAP web service in a WinForms application (or a Windows Service, etc.). However, my solution required the use of SOAP over TCP, which does make it less interoperable.
Angel Machin has a post that would allow any .NET application to host HTTP web services (using Web Services Enhancements). I have not tried this myself, but I got the link from William Stacey’s blog.
William Stacey himself hasn’t been idle either lately. He posted an improved custom solution to create a security context token on Channel 9. His first solution can be found on his blog and as a complete sample in my Alabama Code Camp downloads (Demo 2). I will probably change an implementation of web services I was working on to this SRP implementation. It is standards-based (which makes long-term maintenance, including maintenance by others) easier and promotes better security because the protocol has seen extensive reviews by the security community.
Sven Aelterman 